Re: [webfinger] [apps-discuss] Mail client configuration via WebFinger
Marten Gajda <marten@dmfs.org> Fri, 03 June 2016 09:38 UTC
Return-Path: <marten@dmfs.org>
X-Original-To: webfinger@ietfa.amsl.com
Delivered-To: webfinger@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B14C912D65D for <webfinger@ietfa.amsl.com>; Fri, 3 Jun 2016 02:38:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.02
X-Spam-Level:
X-Spam-Status: No, score=-2.02 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=dmfs.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Z7VpsObw9hj for <webfinger@ietfa.amsl.com>; Fri, 3 Jun 2016 02:38:21 -0700 (PDT)
Received: from mailrelay2.public.one.com (mailrelay2.public.one.com [91.198.169.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EC5C812D64B for <webfinger@ietf.org>; Fri, 3 Jun 2016 02:38:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dmfs.org; s=20140924; h=from:subject:date:message-id:to:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=JYKllgvu+WV4+/lUvqXJ7KpIps6GY1w+CKM7b7ElW54=; b=EVGHkgPMpHV1YRVsF/fgHvw/lysbAiHuN0LzfC0cqQtsNZZnRuIkmOx16nmlVi9BKNd4jFCBseE3u UNz3QSz6iTOTl29RzlYBMjSH+a7MWA2MbIlKuyGAE9ivCJuFpWeEHuazXhHdY5AiBV0NC+BtBtgrg5 c5Yo7oE511qovPtM=
X-HalOne-Cookie: 70c01d17fc65b8a2f32119af0007ff6faadb69d3
X-HalOne-ID: e705d87f-296e-11e6-8278-b82a72d03b9b
Received: from smtp.dmfs.org (unknown [79.240.231.213]) by smtpfilter2.public.one.com (Halon Mail Gateway) with ESMTPSA for <webfinger@ietf.org>; Fri, 3 Jun 2016 09:38:17 +0000 (UTC)
Received: from localhost.localdomain (p5DDA907C.dip0.t-ipconnect.de [93.218.144.124]) by smtp.dmfs.org (Postfix) with ESMTPSA id 292712B1 for <webfinger@ietf.org>; Fri, 3 Jun 2016 11:34:18 +0200 (CEST)
Message-ID: <57515008.4020003@dmfs.org>
Date: Fri, 03 Jun 2016 11:38:16 +0200
From: Marten Gajda <marten@dmfs.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: webfinger@ietf.org
References: <20160603004328.12103.qmail@ary.lan>
In-Reply-To: <20160603004328.12103.qmail@ary.lan>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/webfinger/pzLYf-cHfxw3swoEAx8FtgOeveo>
Subject: Re: [webfinger] [apps-discuss] Mail client configuration via WebFinger
X-BeenThere: webfinger@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of the Webfinger protocol proposal in the Applications Area <webfinger.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/webfinger>, <mailto:webfinger-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/webfinger/>
List-Post: <mailto:webfinger@ietf.org>
List-Help: <mailto:webfinger-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/webfinger>, <mailto:webfinger-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Jun 2016 09:38:24 -0000
Hi John, good question. I see a couple of advantages over RFC 6186 (and at least some of these have led to the development of the current draft). # user specific configuration The draft we're talking about allows a service provider to return a user specific configuration file. Some example use cases are * premium services can be included for premium users only, the client of a "free user" would not attempt to set up a service that it has no access to * user specific endpoints - consider a company with an office in Europe and an office in the US. All email addresses may share the same domain, say `example.com`, but the European users actually access IMAP under `imap.eu.example.com` and the US users access IMAP under `imap.us.example.com`. A configuration document can be smart enough to return the correct endpoint for each user, while SRV can't do that. # one document to rule them all A service configuration document contains information about all services a service provider offers. You don't need to guess which services might be there. Also, the service configuration client doesn't even have to know how to handle all the services. Ideally the configuration client would run on system level and dispatch the setup of each service found in the configuration document to the respective service handlers which are registered with the system. # additional information A service configuration document allows to integrate additional information like * OAuth2 scopes that are required to access a specific service * a link to an account management page * support/operator contact information # easier to integrate ## for clients Doing an SRV lookup is not well supported by some (or many) of the existing platforms & frameworks. Many Frameworks provide methods to resolve domains back and forth, but other record types are often not supported out of the box. We're developing Android clients for CalDAV & CardDAV and to do an SRV lookup we would have to integrate a 3rd party DNS library. Of course that 3rd party library should support DNSSEC, otherwise you can't trust the result of the SRV lookup. The draft we're talking about uses HTTP based technology, which is well supported in a secure manner by pretty much every platform/framework. ## for services Setting up DNS records is not an issue for large service providers, though it can be a problem for smaller installations if your hosting service doesn't give you such control over your DNS settings. Setting up Webfinger and a service configuration document can be quite trivial. In simple cases you can get away with a few static files on your server. In other cases a simple PHP script might solve this. # works cross domain (at least in theory) Technology like OpenID Connect allows to separate the identity provider from the actual service provider. So my email provider might not be the same as my calendar provider, but both use the same identity provider for authorization. My calendar client should be able to discover my calendars, even though my user id has a completely different domain part. Services like webfist.org can make this even more versatile and gives users full control over their service configuration document, even if their email provider doesn't support it. That's it for now. There may be other good reasons to favor a service configuration document over SRV records. Cheers, Marten Am 03.06.2016 um 02:43 schrieb John Levine: > If I may ask an obvious question, how much better in practice is this > likely to be than RFC 6186? I realize that 6186 is somewhat > inflexible and requires that the address or the local-part be the > login credential, but it is my impression that the vast majority of > mail servers are set up that way anyway. > > R's, > John > > _______________________________________________ > webfinger mailing list > webfinger@ietf.org > https://www.ietf.org/mailman/listinfo/webfinger -- Marten Gajda CEO dmfs GmbH Schandauer Straße 34 01309 Dresden GERMANY phone: +49 177 4427167 email: marten@dmfs.org Managing Director: Marten Gajda Registered address: Dresden Registered No.: AG Dresden HRB 34881 VAT Reg. No.: DE303248743
- Re: [webfinger] [apps-discuss] Mail client config… Dave Cridland
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- [webfinger] Mail client configuration via WebFing… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Cyrus Daboo
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Stephen Farrell
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Mikael Nordfeldth
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Eric Mill
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… John Levine
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Paul E. Jones
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… George Fletcher
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda
- Re: [webfinger] [apps-discuss] Mail client config… Marten Gajda